From b781f0199ffbea949c3e269ffa3e30077c5dc84f Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 8 Jan 2015 13:29:41 +0100 Subject: Policy change: all authorized users now allowed to push to any wild repository. --- conf/gitolite.conf | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/conf/gitolite.conf b/conf/gitolite.conf index 6bbe627..01a6860 100644 --- a/conf/gitolite.conf +++ b/conf/gitolite.conf @@ -22,28 +22,10 @@ repo gitolite-admin # Everything but the gitolite-admin repository is currently set up for # "wild repositories" (http://sitaramc.github.com/gitolite/wild.html). # -# In theory, this lets authenticated users create their own -# repositories without needing to touch this file. -# -# In all of these, we allow read permission to @all, on the theory -# that it doesn't make much sense to restrict read via SSH while -# allowing it via plain HTTP. So we have no current use for the -# READERS role. Add it back if we ever find a use for it. - -# Principal of Least Astonishment says that users should create -# repositories that look like they belong to other users. - -repo users?/CREATOR/..* - C = @all - RW+ = CREATOR - RW = WRITERS - R = @all - -# Other wild repositories. Might consider restricting top-level to -# enforce a particular hierarchy, ask the users what they want. +# We used to allow R for @all but restrict RW to WRITERS, but at the moment +# we just allow any authorized user to push to any wild repository. repo [a-zA-Z0-9].* C = @all RW+ = CREATOR - RW = WRITERS - R = @all + RW = @all -- cgit v1.2.3